Patreon crowdfunding site hacked – all it takes is one mistake…
Debugging a test version of your website with real data? Best to have it on a test network, not the real internet!
Naked Security – Sophos
At a Harvard fundraising campaign, Harvard Campaign co-chair David Rubenstein asked Bill Gates, “Why, when I want to turn on my software and computer, do I need to have three fingers on Ctrl+Alt+Delete? What is that — where does that come from? Whose idea was that?”
Ms. Smith’s blog
The Hindu
Brazil hackers mistake NASA for NSA in espionage payback
China Post: Brazil hackers mistake NASA for NSA in espionage payback. AFP, September 19, 2013, 12:25 am TWN. BRASILIA–Hackers have hit back in retaliation for U.S. cyber-spying on …
Brazil's Leader Postpones State Visit to Washington Over Spying
Rousseff Calls Off US Visit Over NSA Surveillance
US-Brazil Relations and NSA Electronic Surveillance
Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats.
The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs. Critics said it was hard to excuse such a rudimentary error in an open-source piece of software held out as a way to protect sensitive communications.
“It was simply a matter of what I would call a fairly rookie mistake,” independent security researcher Adam Caudill told Ars. “They didn’t understand the data they were working with. Key generation code is one of the most critical parts of a crypto system because it doesn’t matter what else you get right if you get that wrong.”